Detecting access of video teleconferencing endpoint hardware device serial port

ABSTRACT

That a serial port of a video teleconferencing endpoint hardware device has been accessed is detected. In response to detecting that the serial port of the device has been accessed, one or more actions are performed. These actions include alerting a user that the serial port has been accessed.

Video teleconferencing employs a number of endpoints situated at different locations. At each endpoint, there is usually a video camera, a microphone, a video display, and a speaker. Video and audio captured at each endpoint are transmitted to the other endpoints, at which the video is displayed on the video displays and the audio is output over the speakers. Generally, the hardware at the endpoints communicates over a network.

As such, the hardware at the endpoints is typically configurable via networking protocols like the Hypertext Transfer Protocol (HTTP), Telnet, and the File Transfer Protocol (FTP). The hardware at the endpoints may also be remotely configurable over these networking protocols. Because remote configuration is susceptible to hacking attempts, typically a password has to be entered correctly before remote configuration over a network protocol is permitted. Telnet and FTP carry that password in cleartext, so on an untrusted network the password protects the configuration interface only to the extent that the network path itself is protected.

However, the password may be lost. Therefore, as a last-resort technique by which configuration of endpoint hardware is permitted, the endpoint hardware usually includes a serial port over which local configuration of the endpoint hardware can be achieved. Because configuration over the serial port is considered a last-resort technique, no password typically has to be entered to configure endpoint hardware over the serial port.

Security for configuration over the serial port of endpoint hardware is generally provided in two ways. First, local (e.g., physical) access is needed to configure endpoint hardware using the serial port, which precludes remote hacking attempts. Second, the endpoint hardware may be physically secured so that physical access to the hardware is difficult to achieve. However, if a hacker does obtain local and physical access to endpoint hardware, there may be no way to know that security has been compromised.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram of a representative video teleconferencing system, according to an embodiment of the present disclosure.

FIG. 2 is a block diagram of a video teleconferencing endpoint hardware device, according to an embodiment of the present disclosure.

FIG. 3 is a flowchart of a method by which serial port access of the endpoint hardware device of FIG. 2 is detected and responded to, according to an embodiment of the present disclosure.

DETAILED DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a representative video teleconferencing system 100, according to an embodiment of the present disclosure. The video teleconferencing system 100 includes video teleconferencing endpoint hardware 102A, 102B, . . . , 102N, collectively referred to as the video teleconferencing endpoint hardware 102. There are at least two such endpoint hardware 102. The video teleconferencing endpoint hardware 102 communicate with one another over a network 104.

Each of the video teleconferencing endpoint hardware 102 is typically situated at a different location, such as different conference rooms, different offices, different cities, and/or different countries, for instance. Participants employing the hardware 102 at one of the locations can thus conduct a video teleconference with other participants using the hardware 102 at the other locations. Locally detected video and/or audio is transmitted from a given endpoint hardware 102 over the network 104 to the endpoint hardware 102 at the other locations, at which the video is displayed and/or the audio is output.

The network 104 may be any of a number of different types of networks. For instance, the network 104 may include a wired network and/or a wireless network. The network 104 may be or include the Internet, intranets, and extranets, as well as landline telephony networks, mobile telephony networks, an integrated services digital network (ISDN), and Ethernet networks, among other types of networks.

FIG. 2 shows a block diagram of a video teleconferencing endpoint hardware device 200 that can implement any of the endpoint hardware 102, according to an embodiment of the disclosure. The endpoint hardware device 200 can include a video display 202, a speaker 204, a video camera 206, a microphone 208, non-volatile memory 210, one or more processors 212, volatile memory 214, networking hardware 216, a serial port 218, software 220, and/or a hardware circuit 222. The endpoint hardware device 200 may also include other components, in addition to and/or in lieu of those depicted in FIG. 2. At least the video display 202, the speaker 204, the video camera 206, and the microphone 208 are considered video teleconferencing hardware components, in that they perform functionality, as described below, that permits the hardware device 200 to act as a video teleconferencing endpoint hardware device. Furthermore, the serial port 218 is at least communicatively connected to these video teleconferencing hardware components.

The various components of the hardware device 200 may be disposed within the same physical enclosure. Alternatively, the components may be separated over a number of different physical enclosures and connected to one another via appropriate cabling. Whereas embodiments of the present disclosure are substantially described in relation to a given device being a video teleconferencing endpoint hardware device, in other embodiments the device may not be a video teleconferencing endpoint hardware device at all, and may instead be another type of device, such as a general-purpose computing device, among other types of devices.

The video display 202 permits remotely detected video to be displayed at the location of the endpoint hardware device 200. Likewise, the speaker 204 permits remotely detected audio to be output at the location of the endpoint hardware device 200. The video camera 206 detects video at the location of the endpoint hardware device 200, whereas the microphone 208 detects audio at the location of the endpoint hardware device 200.

The non-volatile memory 210 is memory that retains its contents even if power is removed from the device 200 and thus from the memory 210. The memory 210 may be semiconductor memory. The processors 212 execute software, such as the software 220 as well as other software of the endpoint hardware device 200, and may be supplemented by other, more special-purpose processing hardware, such as application-specific integrated circuits (ASICs) and digital signal processors (DSPs). The memory 214 is volatile memory that does not retain its contents when power is removed from the device 200 and thus from the memory 214. The memory 214 may also be semiconductor memory.

The networking hardware 216 permits the endpoint hardware device 200 to communicate over the network 104 with the other video teleconferencing endpoint hardware 102. The networking hardware 216 thus provides for networking connectivity, such as wired networking connectivity and/or wireless networking connectivity. Configuration of the endpoint hardware device 200 may be remotely achieved by communicating with the endpoint hardware device 200 over the network 104 via the networking hardware 216, upon the remote entry of the correct password, for instance.

Configuration of the endpoint hardware device 200 can include specifying the network settings of the device 200, such as its network address (e.g., its Internet Protocol (IP) address), as well as specifying other parameters of the device 200. Other such configuration parameters include passwords, whether a control panel is unlocked or enabled, whether auto-answer is enabled, whether remote camera control is permitted, and so on. The control panel, for instance, permits a user to modify the configuration via remote control. Another configuration parameter is a factory reset command that, if issued, may completely clear memory and render the device 200 essentially unusable.

The serial port 218 may be a standard RS-232 serial port having a typical DB9 connector, or may be another type of serial port, such as an RS-485 serial port. The serial port 218 permits local configuration of the endpoint hardware device 200 without requiring the entry of a password. As such, because anyone having physical and local access to the serial port 218 is able to reconfigure the hardware device 200, the enclosure of the device 200 that includes the serial port 218 may be physically secured. For instance, this enclosure may be stored in a locked cabinet or room.

The software 220 and/or the hardware circuit 222 make up what is referred to herein as a mechanism 224. The mechanism 224 detects access of the serial port 218 and performs one or more actions in response. In one embodiment, just the hardware circuit 222 is present, such that the software 220 is not. In another embodiment, both the hardware circuit 222 and the software 220 are present. In still another embodiment, just the software 220 is present, and the hardware circuit 222 is not. Thus, depending on whether the mechanism 224 includes only the software 220, only the hardware circuit 222, or both the software 220 and the hardware circuit 222, the mechanism 224 detects access of the serial port 218 using only software, using only hardware, or using both hardware and software.

The inclusion of the mechanism 224 within the endpoint hardware device 200 thus permits the detection of configuration of the hardware device 200 via the serial port 218, where such configuration would otherwise go undetected. Because the serial port 218 is an "open" port that is not secured by a password or in any other manner, except by potentially being physically secured in a locked cabinet or room, the inclusion of the mechanism 224 is advantageous. Local intrusion attempts to access and modify the hardware device 200 via the serial port 218 can thus be detected and investigated pursuant to embodiments of the present disclosure.

FIG. 3 shows a method 300 detailing how the mechanism 224 can detect and respond to access of the serial port 218 of the endpoint hardware device 200, according to an embodiment of the present disclosure. Thus, the various parts of the method 300 can be performed at least in part by the mechanism 224 in one embodiment. The method 300 generally includes detecting that the serial port 218 of the device 200 has been accessed (302), and in response to such detection, performing one or more actions (304). Each of these parts is now described in more detail.

Detecting that the serial port 218 has been accessed in part 302 may be achieved in a lowest-level manner (306), a mid-level manner (312), or a highest-level manner (314). In the lowest-level manner, the connection of a connector of another device to the serial port 218 of the device 200 is detected (306), without the other device transmitting any data or commands over the serial port 218. That is, detection that the serial port 218 has been accessed is accomplished simply by detecting the actual physical connection of a connector of another device to the serial port 218.

For instance, the act of physically connecting a connector of another device to the serial port 218 of the device 200 may cause two or more pins of the serial port 218 to be electrically connected or grounded. As such, the act of physically connecting a connector of another device to the serial port 218 may be detected by the hardware circuit 222 that detects this electrical connection or grounding (308), without employing any software whatsoever. Alternatively, the software 220 may be used in lieu of or in addition to hardware, such as the hardware circuit 222, to detect the act of physically connecting a connector of another device to the serial port 218 (310).

In the mid-level manner, the transmission of one or more commands or data over the serial port 218 is detected (312) to detect that the serial port 218 of the device 200 has been accessed. The nature of the commands or the data that is transmitted over the serial port 218 can be irrelevant in the detection of part 312. The transmission of any commands or data over the serial port 218 is sufficient in this embodiment to detect that the serial port 218 has been accessed. Such detection may be achieved by the software 220 and/or by the hardware circuit 222.

In the highest-level manner, modification of the configuration of the device 200 using the serial port 218 is detected (314) to detect that the serial port 218 of the device 200 has been accessed. Thus, it is not the commands or data per se having been transmitted over the serial port 218 that triggers the detection that the serial port 218 has been accessed, but the end result of those commands or data: the modification of the configuration of the device 200. Where the modification of the configuration of the device 200 is achieved using the serial port 218, such modification triggers detection that the serial port 218 has been accessed.

The lowest-level manner of detection of part 306 is thus the lowest level of detection in that it does not matter whether any electrical signals (representing data or commands) have been transmitted over the serial port 218; the act of physically connecting a connector of another device to the serial port 218 is sufficient to detect access of the serial port 218. By comparison, the mid-level manner of detection of part 312 is one level higher than the detection of part 306, in that just the act of physically connecting a connector to the serial port 218 does not trigger detection of access of the serial port 218. Rather, the transmission of electrical signals representing data or commands over the serial port 218 is detected, which is what triggers detection of access of the serial port 218.

Furthermore, the highest level of detection of part 314 is one level higher than the detection of part 312. This is because the simple transmission of data or commands over the serial port 218 does not trigger detection of access of the serial port 218 in part 314 as it does in part 312. Rather, the end result of the transmission of such data or commands, the modification of the configuration of the device 200, is what triggers detection of access of the serial port in part 314.
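The three detection levels of parts 306, 312 and 314 can be expressed as one state machine fed by the serial hardware. The following is an added example written for this page, not code from the disclosure or from any endpoint vendor. It simulates the port: a hypothetical connector-sense input (such as DSR, or a spare pin that the mating plug pulls to ground) supplies part 306/310, the received byte stream supplies part 312, and a hypothetical "set key value" / "factoryreset" console grammar acting on a hypothetical configuration dictionary supplies part 314. The configuration keys and command syntax are assumptions; the point is that the highest-level alert is keyed off the end result (a stored value actually changed), not off the fact that a command was typed.

```python
"""Three-level serial-port access detector (added example, hypothetical console)."""
from dataclasses import dataclass
from enum import Enum


class Level(Enum):
    CONNECTOR = 306      # part 306: connector attached, no data yet
    TRAFFIC = 312        # part 312: any bytes received on the port
    CONFIG_CHANGE = 314  # part 314: configuration actually modified


@dataclass(frozen=True)
class Alert:
    level: Level
    detail: str


class SerialAccessDetector:
    """Consumes sense-pin samples and received bytes; emits Alert objects."""

    def __init__(self, config: dict):
        self.config = dict(config)      # hypothetical config store (memory 210)
        self.alerts: list[Alert] = []
        self._attached = False
        self._traffic_seen = False
        self._rx = bytearray()

    # part 306/310: software polling a connector-sense line (assumed pin)
    def sense_pin(self, asserted: bool) -> None:
        """A rising edge on the sense pin is an access event by itself."""
        if asserted and not self._attached:
            self._attached = True
            self._traffic_seen = False      # new session: report traffic once
            self.alerts.append(Alert(Level.CONNECTOR, "connector attached"))
        elif not asserted and self._attached:
            self._attached = False

    # part 312: any data on the port, content irrelevant
    def rx(self, data: bytes) -> None:
        if data and not self._traffic_seen:
            self._traffic_seen = True
            self.alerts.append(Alert(Level.TRAFFIC, f"{len(data)} byte(s) received"))
        self._rx += data
        while b"\n" in self._rx:
            line, _, rest = bytes(self._rx).partition(b"\n")
            self._rx = bytearray(rest)
            self._execute(line.decode("ascii", "replace").strip())

    # part 314: alert only when the stored configuration differs afterwards
    def _execute(self, line: str) -> None:
        """Tiny stand-in for the console interpreter (hypothetical grammar)."""
        before = dict(self.config)
        parts = line.split()
        if len(parts) == 3 and parts[0].lower() == "set" and parts[1] in self.config:
            value: object = parts[2]
            if isinstance(self.config[parts[1]], bool):
                value = parts[2].lower() in ("on", "true", "1")
            self.config[parts[1]] = value
        elif parts[:1] == ["factoryreset"]:
            self.config = {k: None for k in self.config}   # clears everything
        changed = sorted(k for k in self.config if self.config[k] != before[k])
        if changed:
            self.alerts.append(Alert(Level.CONFIG_CHANGE, f"{line!r} changed {changed}"))


def demo() -> list[Alert]:
    """Constructed session: plug in, look around, re-set an unchanged value, reconfigure."""
    det = SerialAccessDetector({"ip": "10.0.0.4", "autoanswer": False})
    det.sense_pin(True)               # -> CONNECTOR
    det.rx(b"show ip\n")              # -> TRAFFIC (read-only command, no config alert)
    det.rx(b"set ip 10.0.0.4\n")      # same value as before: no change, no alert
    det.rx(b"set autoanswer on\n")    # -> CONFIG_CHANGE
    det.sense_pin(False)
    return det.alerts
```

Running `demo()` yields exactly three alerts, one per level, because the redundant `set ip` command is deliberately ignored at level 314. A software-only build of mechanism 224 would drop `sense_pin` and rely on levels 312 and 314; a hardware-only build (part 308) would implement only the first level with the circuit described below.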

Implementation of the hardware circuit 222 and the software 220 can be performed in a number of different ways. For instance, particularly as to the hardware circuit 222, a circuit can be constructed to detect that an electrical connection between two pins of the serial port 218 has resulted. For example, such an electrical connection may result in the resistance between the two pins decreasing from a substantially very high level to a substantially very low level. This decrease in resistance can be detected by the circuit 222. As another example, a circuit can be constructed to detect that a pin of the serial port 218 has been grounded, by measuring the voltage of the pin to ground, such that grounding of the pin results in this voltage being substantially zero.

The actions that are performed in part 304 in response to detecting that the serial port 218 of the device 200 has been accessed can include any of a number of different types of actions. Three different types of actions are described herein. First, a Simple Network Management Protocol (SNMP) trap or another type of network alert can be fired (316), or issued. An SNMP trap is generally employed to asynchronously report an event about a managed subsystem, which in this case is the detection that the serial port 218 of the device 200 has been accessed. An SNMP trap employs SNMP, and thus is transmitted over the network 104 using the networking hardware 216 of the device 200. Traps sent with the community-string versions of the protocol (SNMPv1 and SNMPv2c) are neither authenticated nor encrypted, so a receiver should treat such a trap as a prompt to investigate rather than as trusted evidence on its own; SNMPv3 adds message authentication. An example of another type of network alert is an alert issued by OpenView® networking software, available from the Hewlett-Packard Company of Palo Alto, Calif.

Second, a user can be alerted that the serial port 218 has been accessed (318). The alerting of a user can occur in a number of different forms. The SNMP trap or network alert of part 316 may be considered a user alert, for instance. An email may be sent to a user via the networking hardware 216. A user alert may be visually displayed on the video display 202, or audibly output via the speaker 204. Other manners by which a user alert can be issued can also be employed.

Third, an alert that the serial port 218 of the device 200 has been accessed may be stored within the non-volatile memory 210. For instance, the unauthorized access of the serial port 218 may change the configuration of the device 200 such that the device 200 is no longer able to communicate over the network 104 via the networking hardware 216. As such, the alerts of parts 316 and 318, if attempted to be transmitted, may not be able to be transmitted due to this configuration change, since the network connectivity of the device 200 has been disconnected. Therefore, such an alert may also be stored in the non-volatile memory 210 of the device 200.

At some point, a user is likely to recognize that the endpoint hardware device 200 is no longer communicatively connected to the network 104, but may guess that the reason is that the device 200 has encountered a bug in its operating software, or some other reason other than unauthorized access of the device 200. Therefore, the user may revert the configuration of the device 200 and/or reboot the device 200 so that it is again able to communicate over the network 104. At that time, once network connectivity of the device 200 has been restored, the alert stored in the non-volatile memory 210 is issued over the network 104. As such, the user ultimately does learn that the serial port 218 has been accessed.

As another example, a malicious user may disconnect the device 200 from the network 104, modify the configuration, and reconnect the device 200 to the network 104. Therefore, the alert is stored in the non-volatile memory 210, in case the user has disconnected the device 200 from the network 104, or in case modification of the configuration resulted in the loss of network connectivity. Thus, when the device 200 is reconfigured so that it is again able to communicate over the network 104, or when the device 200 is simply reconnected to the network 104 if the configuration modification did not result in the loss of network connectivity, the alert stored in the non-volatile memory 210 is issued over the network 104.
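The ordering that makes the third action work is: journal the alert to non-volatile storage before attempting any network delivery, and replay the journal whenever connectivity returns, including after a reboot. The following is an added example for this page, not code from the disclosure. A JSON-lines file with fsync stands in for the non-volatile memory 210, a `connected` flag on a stand-in trap sender stands in for the network 104 and the SNMP/e-mail paths of parts 316 and 318, and the "reboot" is simulated by constructing fresh objects over the same file. All of those are assumptions of the example.

```python
"""Store-and-forward alerting for serial-port access (added example)."""
import json
import os
import tempfile
import time


class NonVolatileAlertJournal:
    """Append-only JSON-lines journal standing in for non-volatile memory 210.
    Every append is fsync'd so a power cut or reboot right after the serial
    access cannot lose the record; updates are written via atomic rename."""

    def __init__(self, path: str):
        self.path = path

    def append(self, alert: dict) -> None:
        rec = dict(alert, sent=False, ts=alert.get("ts", time.time()))
        with open(self.path, "a", encoding="ascii") as f:
            f.write(json.dumps(rec) + "\n")
            f.flush()
            os.fsync(f.fileno())

    def records(self) -> list[dict]:
        if not os.path.exists(self.path):
            return []
        with open(self.path, encoding="ascii") as f:
            return [json.loads(line) for line in f if line.strip()]

    def pending(self) -> list[dict]:
        return [r for r in self.records() if not r["sent"]]

    def mark_sent(self, sent: list[dict]) -> None:
        keys = {(r["ts"], r["detail"]) for r in sent}
        recs = self.records()
        for r in recs:
            if (r["ts"], r["detail"]) in keys:
                r["sent"] = True
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="ascii") as f:
            f.write("".join(json.dumps(r) + "\n" for r in recs))
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)        # old journal stays intact until rename


class TrapSender:
    """Stand-in for the SNMP trap / e-mail path over networking hardware 216."""

    def __init__(self):
        self.connected = True             # simulated state of network 104
        self.delivered: list[dict] = []

    def send(self, alert: dict) -> None:
        if not self.connected:
            raise ConnectionError("network 104 unreachable")
        self.delivered.append(alert)


class AlertDispatcher:
    def __init__(self, journal: NonVolatileAlertJournal, sender: TrapSender):
        self.journal, self.sender = journal, sender

    def raise_alert(self, detail: str) -> bool:
        """Journal first, then try the network. Returns True if delivered now."""
        self.journal.append({"detail": detail})
        return self.flush() > 0

    def flush(self) -> int:
        """Replay every unsent record in order; call again when the link returns."""
        sent = []
        for rec in self.journal.pending():
            try:
                self.sender.send(rec)
            except ConnectionError:
                break                     # keep ordering; retry all of it later
            sent.append(rec)
        if sent:
            self.journal.mark_sent(sent)
        return len(sent)


def demo() -> tuple[int, int, int]:
    """Constructed scenario: the serial-port changes took the network down,
    the device is then rebooted (new objects, same file), and the link returns.
    Returns (delivered while down, replayed after restore, still pending)."""
    path = os.path.join(tempfile.mkdtemp(), "alerts.jsonl")
    sender = TrapSender()
    sender.connected = False
    AlertDispatcher(NonVolatileAlertJournal(path), sender).raise_alert(
        "serial port 218 accessed: configuration modified")
    lost_while_down = len(sender.delivered)
    sender.connected = True
    d = AlertDispatcher(NonVolatileAlertJournal(path), sender)   # "reboot"
    replayed = d.flush()
    return lost_while_down, replayed, len(d.journal.pending())
```

`demo()` returns `(0, 1, 0)`: nothing got out while the link was down, the single journaled alert was replayed after the simulated reboot, and the journal is then clean. A real mechanism 224 would call `flush()` from the link-up handler of the networking hardware 216 and from early boot, since the attacker's reconnection of the cable is the event the page expects to trigger delivery.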

Embodiments of the present disclosure thus permit the access of the serial port of a device to be detected, and one or more actions to be responsively performed. The nature of the device in relation to which embodiments of the present disclosure can be practiced has been described substantially in relation to a video teleconferencing hardware device, although other types of devices can alternatively use the techniques that have been described herein. Especially where the serial port of a device is considered a last-resort technique by which the configuration of the device can be modified, such that serial port access is not secured by a password, embodiments of the present disclosure advantageously permit users to be notified when serial port access has occurred.

1. A method comprising: detecting that a serial port of a video teleconferencing endpoint hardware device has been accessed; and, in response to detecting that the serial port of the video teleconferencing endpoint hardware device has been accessed, performing one or more actions, wherein the actions comprise: alerting a user that the serial port of the video teleconferencing endpoint hardware device has been accessed.
2. The method of claim 1, wherein detecting that the serial port of the video teleconferencing endpoint hardware device has been accessed comprises detecting that a connector of another device has been connected to the serial port of the video teleconferencing endpoint hardware device, without the other device having transmitted any data or commands over the serial port of the video teleconferencing endpoint hardware device.
3. The method of claim 2, wherein detecting that the connector of the other device has been connected to the serial port of the device comprises a hardware circuit detecting that the connector of the other device has been connected to the serial port of the video teleconferencing endpoint hardware device, without employing any software to detect that the connector of the other device has been connected to the serial port of the video teleconferencing endpoint hardware device.
4. The method of claim 2, wherein detecting that the connector of the other device has been connected to the serial port of the video teleconferencing endpoint hardware device comprises software detecting that the connector of the other device has been connected to the serial port of the video teleconferencing endpoint hardware device.
5. The method of claim 1, wherein detecting that the serial port of the video teleconferencing endpoint hardware device has been accessed comprises detecting that one or more commands or data have been transmitted over the serial port of the video teleconferencing endpoint hardware device.
6. The method of claim 1, wherein detecting that the serial port of the video teleconferencing endpoint hardware device has been accessed comprises detecting that a configuration of the video teleconferencing endpoint hardware device has been modified using the serial port of the video teleconferencing endpoint hardware device.
7. The method of claim 1, wherein performing the one or more actions comprises firing a simple network management protocol (SNMP) trap.
8. The method of claim 1, wherein performing the one or more actions comprises storing an alert that the serial port of the video teleconferencing endpoint hardware device has been accessed, the alert stored in non-volatile memory of the video teleconferencing endpoint hardware device.
9. The method of claim 8, wherein performing the one or more actions further comprises issuing the alert over a network upon restoration of network connectivity of the video teleconferencing endpoint hardware device, where accessing of the serial port of the video teleconferencing endpoint hardware device resulted in disconnection of the network connectivity of the video teleconferencing endpoint hardware device.
10. A video teleconferencing endpoint hardware device comprising: one or more video teleconferencing hardware components; a serial port communicatively coupled to the video teleconferencing hardware components; and, a mechanism to detect that the serial port has been accessed and to perform one or more actions in response to detecting that the serial port has been accessed, wherein the actions comprise: alerting a user that the serial port of the video teleconferencing endpoint hardware device has been accessed.
11. The video teleconferencing endpoint hardware device of claim 10, wherein the mechanism is one of: a hardware-only circuit, and a software mechanism.
12. The video teleconferencing endpoint hardware device of claim 10, wherein the mechanism is to detect that the serial port has been accessed by one of: detecting that a connector of another device has been connected to the serial port, without the other device having transmitted any data or commands over the serial port; detecting that one or more commands or data have been transmitted over the serial port; and, detecting that a configuration of the video teleconferencing endpoint hardware device has been modified using the serial port.
13. The video teleconferencing endpoint hardware device of claim 10, wherein the one or more actions performed by the mechanism in response to detecting that the serial port has been accessed further comprise: firing a simple network management protocol (SNMP) trap.
14. The video teleconferencing endpoint hardware device of claim 10, wherein the one or more actions performed by the mechanism in response to detecting that the serial port has been accessed further comprise: storing an alert that the serial port has been accessed within non-volatile memory of the video teleconferencing endpoint hardware device, and issuing the alert over a network upon restoration of network connectivity of the video teleconferencing endpoint hardware device, where accessing of the serial port resulted in disconnection of the network connectivity of the video teleconferencing endpoint hardware device.